Windows filesharing

Windows allows one to share folders on a PC over the network. Unfortunately, the default permissions for shared folders usually allow anyone with access to write to a folder and modify files on it. As a result, such "open shares" are one of the main ways that PCs get broken into, and there are numerous viruses that can infect hosts through open shares. In order to prevent such break-ins and virus infections from happening, people should restrict access to shares on their PCs. It is also recommended that the guest account be disabled on all PCs. You will need administrator rights on your PC to make these changes.

What not to share

You should not share the C:\ or any other system drive. In particular, you should never ever share C:\ or a system drive such that everyone has write access to it. Doing so ensures that your PC will eventually get broken into and/or infected with a virus. Even providing read-only access for everybody to your C:\ drive means that files that may contain sensitive configuration information, e-mail, and other data can be read by anyone on the internet.

Whenever possible only provide read access to a share. Use specific access lists containing the names of the people you want to access your files, instead of providing access to Everyone. Keep in mind that if you provide Change or Full Control access to Everyone, anyone on the internet can modify files on that share.

Most PCs have Administrative shares, called C$, D$, etc (one for every drive). Most PCs will also have a share called ADMIN$, which is a pointer to the system root, and a share called IPC$. These shares are needed for domain administration of your PC, and should not be removed (and can only be accessed by someone with administrative access to your PC). If you do remove them, by default they will be re-created upon reboot.

Go to the folder, right click on it, and choose Sharing from the menu.

If you don't want to share that folder, click on the Not Shared button.

If you do want to share that folder, click on Permissions to go to the Access Through Share Permissions dialogue.

If Everyone is listed as having Full Control or Change rights, you can change those rights by clicking on the arrow and choosing the appropriate rights from the menu. To remove a user from the access list, highlight the entry and click Remove.

To add a specific user, use the Add button. You can type a name or select one from the scrollbox.

For each use you select, adjust permissions appropriately using the Access Through Share Permissions dialogue.

On Windows 2000 & XP

To get a list of shares on your PC:

Right click on the My Computer icon on your desktop and select Manage from the menu.